-
漏洞信息

-
漏洞描述

Mac OS X CoreTypes contains a flaw that may allow a malicious webpage access to the properties of another domain. The issue is triggered due to the application's failure to properly enforce same-origin policy for JavaScript remote data access. It is possible that the flaw may allow disclosure of sensitive information or may facilitate other attacks against a user of the browser, resulting in a loss of confidentiality.

-
时间线

公开日期:
2006-03-10

发现日期:
Unknow

利用日期:Unknow

解决日期:Unknow

-
解决方案

Currently, there are no known workarounds or upgrades to correct this issue. However, vendor has released a patch to address this vulnerability.

-
漏洞讨论

Apple Safari is susceptible to a same-origin policy violation. This issue is due to the application's failure to properly enforce same-origin policy for JavaScript remote data access.

An attacker may create a malicious webpage that can access the properties of another domain. This may lead to disclosure of sensitive information or may facilitate other attacks against a user of the browser.

-
漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

-
解决方案

The vendor has released an advisory along with fixes to address this issue.